General

  • Target

    2744-94-0x0000000000400000-0x000000000045E000-memory.dmp

  • Size

    376KB

  • MD5

    fad48d98ff6e570ce6149a77a02eccf9

  • SHA1

    2e820612766fcd786b6a302ed6407821c6941309

  • SHA256

    b33b33389d181f550094c3b630093be41022dd0f03c7a3aa15fa7005fc5f59c6

  • SHA512

    8b2b06b6779cdc9a905629f54513dc7ef0ee71e03fb6b0c4c66eae2fe5756b17b0de1cfadda7135a8f3f646d7e03396106de83af8743cfb22afd097b8226ab44

  • SSDEEP

    6144:run4ccY0FdxuxTuJOUh8gA6bQQxe2g389flL3X0LqJl:SSY0wCJd1AmxIs9flQLqJl

Score
10/10

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.3.0.0

  • Botnet

    KBop

  • C2

    kolptyubeatcam.sytes.net:64594
    fronpeatcam.publicvm.com:64595
    fronadeatcam.publicvm.com:64595
    fronadeatcam.sytes.net:64595

  • Mutex

    QSR_MUTEX_z6cdb40DnEoyUzOwXW

Attributes
  • encryption_key

    jem6XrSkWxQgjosAOUlN

  • install_name

    jres.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    jdm

  • subdirectory

    oilk

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2744-94-0x0000000000400000-0x000000000045E000-memory.dmp
    .exe windows x86